Although all X.509 certificates use similar methods to protect and validate your data, a useful way to categorize them is by validation method. Any certificate must be verified by the issuing Certificate Authority (CA) to ensure that it is covering the correct, authorized site. This verification confirms at a minimum control of the domain. However, more steps can be taken to also confirm the existence of the requesting company or organization (for OV certificates) or to establish even more trust through extended vetting (for EV certificates).
Domain validated or DV certificates are the most common type of SSL certificate. They are verified using only the domain name. Typically, the CA exchanges confirmation email with an address listed in the domain’s WHOIS record. Alternatively, the CA provides a verification file which the owner places on the website to be protected. Either method confirms that the domain is controlled by the party requesting the certificate.
Organization validated or OV certificates require more validation than DV certificates, but provide more trust. For this type, the CA will verify the actual business that is attempting to get the certificate (the information required for OV certificates). The organization’s name is also listed in the certificate, giving added trust that both the website and the company are reputable. OVs are usually used by corporations, governments and other entities that want to provide an extra layer of confidence to their visitors. Aside from SSL/TLS certificates, OV is also commonly used for code signing, document signing, client authentication, and S/MIME email certificates.
Extended validation or EV certificates provide the maximum amount of trust to visitors, and also require the most effort by the CA to validate. Per guidelines set by the CA/Browser Forum, extra documentation must be provided to issue an EV certificate (as described in EV SSL Requirements). As with OV, EV lists the company name in the certificate itself.
An EV code signing certificate is required to sign Windows 10 drivers and provides an instant SmartScreen reputation boost. If you’re not sure which code signing certificate you need, please read this FAQ.
Thank you for choosing SSL.com! If you have any questions, please contact us by email at Support@SSL.com, call 1-877-SSL-SECURE, or just click the chat link at the bottom right of this page.[/su_note]